DevSecOps Engineer

Are you a  DevSecOps Engineer looking for a new challenge? 

If you want to expand your reach and share your knowledge with a team of professionals, contribute to the development of your colleagues' or Clients' skills, want to consolidate your expertise and grow on innovative projects, this is your opportunity! 

What this experience will bring you 

First of all, an interesting technical challenge but also an overview of our Client's projects. 
We will build your career together and accompany you towards the development of new skills and technical leadership. 

What will your role be? 

We are looking for a  DevSecOps Engineer to perform the following activities: 

• Develop and maintain GitLab CI/CD components to be integrated by software teams into their pipelines, enabling SAST/SCA/DAST security scans, build processes, reusable templates, and dedicated code modules to ensure software quality.
• Managing the security of artifact repositories and registries through Artifactory.
• Management of SAST/SCA/DAST cybersecurity scanning and build pipelines.
• Create, maintain, and update technical documentation related to DevSecOps best practices, processes, operational procedures, and guidelines for the use of CI/CD templates and tools such as GitLab, Jira, Coverity, Artifactory, Xray, Acunetix, SonarQube, Grafana.
• Develop automation scripts using Bash, PowerShell, and Python to streamline operational and DevSecOps processes.
• Manage and configure secret management solutions to protect credentials, tokens, and access keys within CI/CD pipelines (e.g., GitLab CI Variables), ensuring proper secret rotation and access control.
• Support the administration of roles, permissions, and access controls across the DevSecOps platform (GitLab, Artifactory, Jira, SonarQube, Acunetix), ensuring adherence to the principle of least privilege and periodic access reviews.

What are we looking for in you? Experience and competencies 

• Strong experience with GitLab CI/CD, pipeline development, and automation.
• Knowledge of DevSecOps practices and security scanning tools (SAST, SCA, DAST, SonarQube, Coverity, Acunetix).
• Experience in Artifactory administration and artifact repository management.
• Proficiency in Python, Bash, and PowerShell scripting.
• Expertise in secret management, access control, and least-privilege principles.
• Knowledge of Maven, Gradle, CMake, and ADA.
• Experience in technical documentation and DevSecOps best practices.

Soft skills: 

• Strong communication skills with cross-functional teams.
• Proactive risk management approach.
• Ability to work independently with a high degree of autonomy.

Languages: 

• Italian (Fluent) 
• English (fluent, oral and written) 

Why would you take the plunge? 

Because Scalian is a group of specialists, carrying an ambitious development project, focused on innovation and committed to its customers where you can: 
· Build a tailor-made career path, varied and adapted to your desires, thanks to the variety of missions in your area of expertise and the bridges between trades 
· Learn by the quality of the projects on which you will intervene, in your specialty, and thanks to the large training catalog delivered by our internal Academy 
· Have an attractive social framework that respects everyone's needs (telework agreement, crèches, social coverage, flexibility, soft mobility, etc.) 
· Contribute to R&D topics or participate in internal projects 
· Be part of a friendly team that will make work rhyme with pleasure! 

So want to expand the frame? Contact us to talk about it